CVE-2017-2629

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise being misled into thinking that the server is in better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).
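A defender-side check for the version boundary stated above, added here as an example (not code from the curl project): it parses `curl --version` output and reports whether a `--cert-status` success from that build can be relied on. The function names and sample version strings are constructed, and it assumes the linked libcurl version, not the tool version, is the one that decides.

```shell
#!/bin/sh
# Added example: classify a curl build by whether its --cert-status result is reliable.
FIXED_VERSION="7.53.0"   # boundary taken from the advisory text ("before 7.53.0")
V='[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'   # x.y.z pattern for sed

# Extract the libcurl version from the first line of `curl --version` output.
# Assumption: the library version decides; fall back to the tool version
# only when no libcurl/ token is present.
libcurl_version() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    ver=$(printf '%s\n' "$first_line" | sed -n "s|.*libcurl/\($V\).*|\1|p")
    if [ -z "$ver" ]; then
        ver=$(printf '%s\n' "$first_line" | sed -n "s|^curl \($V\).*|\1|p")
    fi
    printf '%s' "$ver"
}

# Turn x.y.z into one comparable integer (7.52.1 -> 7052001).
version_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Print "untrusted" (affected build: a passing --cert-status proves nothing),
# "trusted" (7.53.0 or later) or "unknown" (no version could be parsed).
cert_status_verdict() {
    ver=$(libcurl_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif [ "$(version_num "$ver")" -lt "$(version_num "$FIXED_VERSION")" ]; then
        echo untrusted
    else
        echo trusted
    fi
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2k zlib/1.2.8
Protocols: http https'
SAMPLE_NEW='curl 7.53.0 (x86_64-pc-linux-gnu) libcurl/7.53.0 OpenSSL/1.0.2k zlib/1.2.8'

echo "old build: $(cert_status_verdict "$SAMPLE_OLD")"
echo "new build: $(cert_status_verdict "$SAMPLE_NEW")"
```

On a real host, pass the live output with `cert_status_verdict "$(curl --version)"`; an "untrusted" verdict means any script that relies on `--cert-status` passing should be treated as having performed no status check.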